Do it at home.

If you're at an internet cafe, though, it'd be nice if you could trust cabal packages.

    - Clark

On Sun, Oct 28, 2012 at 5:07 PM, Patrick Hurst <phurst@amateurtopologist.com> wrote:

On Oct 28, 2012, at 4:38 PM, Changaco <changaco@changaco.net> wrote:

> On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote:
>> In this particular case, cabal can have the public part of the
>> certificate built-in (as it has the web address built in). So once one
>> has a verified installation of cabal, it can verify the server
>> packages without being susceptible to MitM attack (no matter if
>> they're PGP signed or X.509 signed).
>
> This is PGP's security model, so it's probably better to use PGP keys.


How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key?
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe